Collecting consent for processing under the GDPR

The General Data Protection Regulation (GDPR) requires organizations to establish a lawful basis for processing data. A lawful basis for processing means that your organization has a legal right for collecting, storing, or accessing data belonging to a specific person. Often, a lawful basis for processing relies on consent from the customer. With online scheduling, you may or may not need to obtain consent from customers who book with you online.

Scheduling is customarily initiated by customers. By this nature alone, you may not need consent to process information. However, if your organization processes sensitive data, it is recommended that you obtain explicit consent at the time of scheduling. This most likely applies to organizations in the healthcare industry, but other organizations may be affected as well. Data that is considered sensitive includes any information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic or biometric data, health information, or a person’s sex life or sexual orientation. Learn more about establishing a lawful basis for processing

Obtaining consent

The GDPR defines consent as “freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Controllers that process on the basis of consent must clearly request consent and enable data subjects to withdraw consent at any time. The GDPR also states that if your request for consent occurs in the context of other matters, you should ensure that the request for consent is distinguishable from the other matters.

In order to obtain clear consent to process data via ScheduleOnce, it is recommended that you add a field in your Booking form to request consent (See Figure 1).

Figure 1: Consent requested in the Booking form

How to add a consent field to your Booking form

2. Create the Custom field by selecting the Field type, Field name, Field title and Option. We recommend using a Checkbox as the Field type, and creating one option allowing users to provide consent (See Figure 3).

Figure 3: Add Custom field to library

3. When creating your custom field, we recommend linking to your organization’s privacy policy. This ensures your customers understand the processing activities to which they are agreeing. To link to the field, highlight the words you want to link and select the link icon (See Figure 4).

Figure 4: Link to your company’s privacy policy

4. Input the link to your privacy policy and press Save.
5. Once you have created the field, add it to your Booking form by locating the field in the custom fields library and clicking the arrow to add it to the form (See Figure 5).

Figure 5: Add the field to the booking form

6. Next, you can determine the position of the field and whether or not it will be mandatory for customers to check. It is recommended that this field be mandatory (See Figure 6).